# UX7 Agent Instructions

These instructions apply to the entire UX7 project tree.

## Hard workspace boundary

- Work only within `/home/underlistedx/public_html`.
- The UX7 application root is `/home/underlistedx/public_html/ux7.underlisted-x.com`.
- Never read, write, enumerate, or execute against paths outside `/home/underlistedx/public_html`.
- Never weaken, bypass, or make configurable this boundary.
- Resolve canonical paths before access. Reject traversal, symbolic-link escapes, UX7 itself as a target project, and targets that are not direct workspace children.

## Architecture

- Keep all backend code in `src/`; never place backend code, secrets, databases, logs, uploads, or task data in `public/`.
- Treat `public/` as the public web root. Only browser-safe static or generated frontend assets belong there.
- Keep durable runtime data in the matching `storage/` subdirectory.
- Treat each non-hidden first-level directory in the workspace as a discoverable project, except `ux7.underlisted-x.com`.
- Preserve hosting-managed files unless a task explicitly requires changing them.

## Product and security expectations

- Build a mobile-first AI chat interface; do not expose a terminal-style UI.
- Preserve the polished mobile chat experience and responsive desktop shell.
- Keep conversations, drafts, messages, project paths, attachments, and task events private.
- Never cache private API responses, authentication data, projects, messages, task streams, attachments, diffs, or audit data.
- Keep task adapters interchangeable through the `TaskAgent` contract.
- Sanitize rendered Markdown and redact activity output before storage and display.
- Require secure authentication and 2FA before project or Codex access.
- Validate authorization and project scope on every server-side operation.
- Stream command activity as structured, redacted events. Never expose environment secrets.
- Make file mutations auditable and create rollback data before applying changes.
- Use safe process spawning without a shell wherever possible; never interpolate untrusted input into commands.

## Quality gates

- Use Node.js 22.x and strict TypeScript.
- Add or update tests for security boundaries, authentication, project discovery, mutations, and rollback.
- Test authentication and streaming authorization whenever either system changes.
- Run relevant tests and type checking before considering a change complete.
- Do not commit `.env`, credentials, private keys, runtime databases, logs, uploads, task events, or backups.
